Installing ConfigServer Security & Firewall (csf)

From TeamSpeak Wiki
Revision as of 05:14, 6 January 2021 by Admin (talk | contribs) (Created page with "**Install and Configure a More Advanced Firewall** CSF is a script that vastly extends the capability of iptables on your server, including packet inspection and the ability...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
    • Install and Configure a More Advanced Firewall**

CSF is a script that vastly extends the capability of iptables on your server, including packet inspection and the ability to automatically IP ban anyone who is brute forcing things such as SSH logins. To quickly install the firewall run the following commands: 

   cd /usr/src
   rm -fv csf.tgz
   wget https://download.configserver.com/csf.tgz
   tar -xzf csf.tgz
   cd csf
   sh install.sh

At this point CSF will be in "Testing" mode and will not be running any additional protection, open up /etc/csf/csf.conf and change the following lines: 

   TESTING = "0"
   TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2079,2080,2082,2083,2086,2087,2095,2096,10011,30033,41144"
   UDP_IN = "20,21,53,9987"
   UDP_OUT = "20,21,53,113,123,873,2011:2110,6277,24441"

If you are utilising IPv6 you will also need to modify TCP6_IN, UDP6_IN and UDP6_OUT.

After changing these lines execute "csf -r" in your shell and the firewall will be active and will have the needed TeamSpeak 3 ports open.

If you want to receive notifications when an IP is blocked you can edit the file /root/.forward and enter an email to send notifications to, bear in mind this will need a mail server such as sendmail, postfix or exim.

Retrieved from ‘https://teamspeak.wiki/index.php?title=Installing_ConfigServer_Security_%26_Firewall_(csf)&oldid=14